Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 21: FEDORA-2015-3612 Critical: ImageMagick DoS Issues

fedora
Calendar Grey April 13, 2015
Dist Fedora Esm H88
Essential security patch released for ImageMagick on Fedora 21 tackling various vulnerabilities, particularly concerning memory handling weaknesses.
Security fix for CVE-2014-8354,CVE-2014-8355 and 4 other security issues

Summary

ImageMagick is an image display and manipulation tool for the X

Window System. ImageMagick can read and write JPEG, TIFF, PNM, GIF,

and Photo CD image formats. It can resize, rotate, sharpen, color

reduce, or add special effects to an image, and when finished you can

either save the completed work in the original format or a different

one. ImageMagick also includes command line programs for creating

animated or transparent .gifs, creating composite images, creating

thumbnail images, and more.

ImageMagick is one of your choices if you need a program to manipulate

and display images. If you want to develop your own applications

which use ImageMagick code or APIs, you need to install

ImageMagick-devel as well.

Update Information:

Security fix for CVE-2014-8354,CVE-2014-8355 and 4 other security issues

Topics%20covered

Topics Covered

security advisory critical Fedora DoS security fix memory access ImageMagick

Change Log

* Tue Mar 10 2015 Pavel Alexeev - 6.8.8.10-6 - Merge fixes from f20 branch (some rabased): o Backport upstream fix (bz#1158520) for CVE-2014-8354 Add Patch1: ImageMagick-6.8.7-CVE-2014-8354.patch o Backport upstream fix (bz#1158524) for CVE-2014-8355 Add Patch2: ImageMagick-6.8.6-CVE-2014-8355.patch - Concretize soname versions. - Fix 4 more security bags: o Backport upstream fix - bz#1195263 Add Patch3: ImageMagick-6.8.6-hdr-bz#1195263.patch o Backport upstream fix - bz#1195265 Add Patch4: ImageMagick-6.8.6-miff-bz#1195265.patch o Backport upstream fix - bz#1195269 Add Patch5: ImageMagick-6.8.6-pdb-bz#1195269.patch o Backport upstream fix - bz#1195271 Add Patch6: ImageMagick-6.8.6-vicar-bz#1195271.patch

References


[ 1 ] Bug #1158518 - CVE-2014-8354 ImageMagick: out-of-bounds memory access in resize code https://bugzilla.redhat.com/show_bug.cgi?id=1158518 [ 2 ] Bug #1158523 - CVE-2014-8355 ImageMagick: out-of-bounds memory access in PCX parser https://bugzilla.redhat.com/show_bug.cgi?id=1158523 [ 3 ] Bug #1195260 - ImageMagick: denial of service flaw in HDR file processing https://bugzilla.redhat.com/show_bug.cgi?id=1195260 [ 4 ] Bug #1195265 - ImageMagick: denial of service flaw in MIFF file processing https://bugzilla.redhat.com/show_bug.cgi?id=1195265 [ 5 ] Bug #1195269 - ImageMagick: denial of service flaw in PDB file processing https://bugzilla.redhat.com/show_bug.cgi?id=1195269 [ 6 ] Bug #1195271 - ImageMagick: denial of service flaw in VICAR file processing https://bugzilla.redhat.com/show_bug.cgi?id=1195271

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update ImageMagick' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: ImageMagick
Product: Fedora 21
Version: 6.8.8.10
Release: 6.fc21
URL: https://imagemagick.org/index.php
Summary: An X application for displaying and manipulating images

Topics%20covered

Topics Covered

security advisory critical Fedora DoS security fix memory access ImageMagick

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here